Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Apr 2012 20:33:34 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        Ermal Lu?i <eri@FreeBSD.org>, freebsd-pf@FreeBSD.org
Subject:   Re: kern/164402: [pf] pf crashes with a particular set of rules when first matching packet arrives
Message-ID:  <20120417163334.GB2140@glebius.int.ru>
In-Reply-To: <5CA2DD90-145C-44F2-AD66-2DBCE8989C2A@lists.zabbadoz.net>
References:  <201204151200.q3FC0LT5085161@freefall.freebsd.org> <20120416185949.GC92286@FreeBSD.org> <CAPBZQG2Tjg36GNCBetRZ20FhQnL1sK9i_-oQDDb97bcb4N=sLA@mail.gmail.com> <20120417081406.GA93887@glebius.int.ru> <CAPBZQG2gF8GSx6eE4jkFuOf29c-jB09Gz6=%2BkbpXprN8XiEE4w@mail.gmail.com> <20120417084608.GA99119@glebius.int.ru> <CAPBZQG0ujzB%2B7xTFpvhjRVbrtBEeABXHeKDx-WjbSOaAWX0-sA@mail.gmail.com> <20120417094825.GC99119@glebius.int.ru> <5CA2DD90-145C-44F2-AD66-2DBCE8989C2A@lists.zabbadoz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Apr 17, 2012 at 04:32:31PM +0000, Bjoern A. Zeeb wrote:
B> > On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Lu?i wrote:
B> > E> The only problem i might see is when running more than one firewall
B> > E> together but still there are other issues when you do that at pfil(9)
B> > E> level.
B> > 
B> > Well, playing with two firewalls was never safe and clear, there always
B> > be edge cases in such setups.
B> 
B> A lot of people have used ipfw to filter L2 MAC addresses etc and pf for everything else in the past.  So certainly is not an edge case.

Enabling two firewalls isn't an edge case, but when two firewalls enabled
there are numerouse possibilities to do evil misconfigurations.

-- 
Totus tuus, Glebius.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120417163334.GB2140>